⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2024-4741 — Use After Free in Openssl
Severity
7.5HIGHNVD
OSV7.4OSV5.9
EPSS
0.4%
top 41.85%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedNov 13
Latest updateNov 28
Description
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
memory to be accessed that was previously freed in some situations
Impact summary: A use after free can have a range of potential consequences such
as the corruption of valid data, crashes or execution of arbitrary code.
However, only applications that directly call the SSL_free_buffers function are
affected by this issue. Applications that do not call this function are not
vulnerable. Our investigations indicate that th…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages13 packages
🔴Vulnerability Details
6OSV▶
CVE-2024-4741: Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact s↗2024-11-13
OSV▶
CVE-2024-4741: Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
memory to be accessed that was previously freed in some situations
Impact↗2024-11-13
GHSA▶
GHSA-6vgq-8qjq-h578: Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
memory to be accessed that was previously freed in some situations
Impact↗2024-11-13